b"August 20, 2014\n\n\nMEMORANDUM FOR:            CHARLES L. MCGANN, JR.\n                           MANAGER, CORPORATE INFORMATION SECURITY\n\n\n\n\n                           for\nFROM:                      Kimberly F. Benoit\n                           Deputy Assistant Inspector General\n                            for Information Technology and Data Analysis\n\n\nSUBJECT:                   Management Alert \xe2\x80\x93 Backup and Recovery of Essential Data\n                           (Report Number IT-MA-14-001)\n\nThis management alert presents our review of backup and recovery procedures for\nessential databases due to a recent hardware failure that resulted in a loss of Computer\nIncident Response Team (CIRT) data (Project Number 14BM003IT001). This issue\ncame to our attention during our Fiscal Year 2014 Information Technology Internal\nControls audit (Project Number 14BM003IT000).\n\nWe appreciate the cooperation and courtesies provided by your staff and commend the\nimmediate action taken by your office to ensure that CIRT data is maintained going\nforward. If you have any questions or need additional information, please contact Aron\nAlexander, director, Information Technology, or me at 703-248-2100.\n\nAttachment\n\ncc: Corporate Audit and Response Management\n\x0cBackup and Recovery of Essential Data                                                             IT-MA-14-001\n\n\n\nIntroduction\n\nDuring the Fiscal Year (FY) 2014 Information Technology Internal Controls audit\n(Project Number 14BM003IT000), the U.S. Postal Service Office of Inspector General\n(OIG) became aware of a hardware failure that resulted in the loss of the Computer\nIncident Response Team (CIRT) database used to record and monitor computer\nincidents (Project Number 14BM003IT001).1\n\nThe U.S. Postal Service\xe2\x80\x99s Data Management Services group periodically performs off-\nsite backups for hundreds of critical databases. However, there are other essential\ndatabases that are not classified as critical2 that are used for daily functions. These\nfunctions include analysis of historical data and maintaining records for compliance with\nexisting security policy.3 We are issuing this alert to make the Postal Service aware of\nthe need to modify its current backup and storage requirements to ensure that essential,\nbut not critical, data is available.\n\nConclusion\n\nThe Postal Service did not ensure all database backups were being stored on separate\nhardware. Specifically, the CIRT database was lost due to a hardware failure and the\ndata was not recovered due to the absence of a backup on a separate piece of\nhardware. As a result, this database was not available to perform historical analyses\nand the Postal Service could not comply with security policy. Although the Postal\nService took immediate corrective action for this database by implementing backup\nprocedures on separate hardware, there may be other unidentified databases that are\nnot backed up on separate hardware that could result in a loss of data and the inability\nto comply with record maintenance requirements.\n\nBackup and Recovery\n\nThe Postal Service maintained an essential CIRT database and backed up a copy of\nthe database on the same hardware. On April 4, 2014, a hardware failure occurred that\nmade the original database and the backup of the database inaccessible. 4 As a result,\nthe database was not available to perform analyses of computer incidents that would\nenable management to more effectively monitor and resolve new incidents in a timely\nmanner. In addition, the Postal Service could not maintain an electronic incident\nrepository.\n\n\n\n1\n  Security incidents are events that threaten the integrity, availability, or confidentiality of information resources, such\nas suspicion or occurrence of any fraudulent activity; unauthorized disclosure, modification, misuse, or inappropriate\ndisposal of Postal Service information.\n2\n  Information is designated as critical information if its unavailability would have a serious adverse impact on\ncommunications. Essential databases are necessary for daily operations, but are not classified as critical.\n3\n  Handbook AS-805, Information Security, Section 13-4.2.2 Processing Incidents Reports.\n4\n  The Postal Service maintained paper copies of incident reports that contained portions of the data lost.\n                                                              1\n\x0cBackup and Recovery of Essential Data                                                        IT-MA-14-001\n\n\n\nAlthough management responded swiftly and took corrective action by updating and\n                                                                                   5\nimplementing backup procedures for a new CIRT database using the\napplication, there may be other essential databases used by other groups that are not\nbacked up on separate hardware. The practice of backing up data on the same\nhardware could result in the loss of essential data, increased workhours to recreate the\ndatabases, and an inability to perform analyses in the event of hardware failure.\n\nCurrently, the Postal Service\xe2\x80\x99s security standards6 state critical information resources\nmust be stored off-site at a location that is not subject to the same threats as the original\nmedia, but does not prohibit the practice of using the same hardware to maintain and\nback up noncritical information resources. If the standards were updated, database\nowners would need to review and possibly modify their backup procedures, thereby\nensuring information resources can be restored in a timely manner in the event of a\nhardware failure.\n\nRecommendations\n\nWe recommend the manager, Corporate Information Security:\n\n1. Expand existing procedures in Handbook AS-805, Information Security, to prohibit\n   the practice of using the same hardware to maintain and back up noncritical\n   information resources.\n\n2. Issue a reminder that data backups are to be maintained in an appropriate location\n   to reduce potential loss, damage, or misuse of essential data.\n\nManagement\xe2\x80\x99s Comments\n\nManagement agreed with the findings (in subsequent communications) and the\nrecommendations in the report. Regarding recommendation 1, management stated\nCorporate Information Security will update Handbook AS-805, for backup storage\nrequirements. Specifically, the policy will require that backups must not be stored on the\nsame hardware device as the original information. Additionally, management will update\noff-site backup storage requirements to state that noncritical information stored on\nmainframes, servers, workstations, and mobile devices should be backed up and stored\noff-site at a location that is not subject to the same threats as the original information.\nManagement\xe2\x80\x99s target implementation date is April 2015.\n\nRegarding recommendation 2, management stated after updating Handbook AS-805,\nthey will publish an article to Postal Service staff reminding them that backup media\ncontaining sensitive and non-publicly available information must be labeled as\n\xe2\x80\x9cRestricted Information\xe2\x80\x9d and backups must not be stored on the same hardware device\nas the original information. Management\xe2\x80\x99s target implementation date is April 2015. See\nAppendix A for management\xe2\x80\x99s comments, in their entirety.\n\n5\n               automates remote data backups.\n6\n    Handbook AS-805, Information Security, Section 9-9.4.4.6 Off-Site Backup Storage Requirements.\n\n\n                                                          2\n\x0cBackup and Recovery of Essential Data                                 IT-MA-14-001\n\n\n\n\nEvaluation of Management\xe2\x80\x99s Comments\n\nThe OIG considers management\xe2\x80\x99s comments responsive to the recommendations and\ncorrective actions should resolve the issues identified in the report.\n\nThe OIG considers all the recommendations significant, and therefore requires OIG\nconcurrence before closure. Consequently, the OIG requests written confirmation when\ncorrective actions are completed. These recommendations should not be closed in the\nPostal Service\xe2\x80\x99s follow-up tracking system until the OIG provides written confirmation\nthat the recommendations can be closed.\n\n\n\n\n                                           3\n\x0cBackup and Recovery of Essential Data                         IT-MA-14-001\n\n\n\n                          Appendix A: Management's Comments\n\n\n\n\n                                          4\n\x0cBackup and Recovery of Essential Data       IT-MA-14-001\n\n\n\n\n                                        5\n\x0c"